Adjunct processors are typically used in conjunction with telecommunications systems to provide to users telecommunications features and services that switching systems and their intelligence (i.e., their control processors) are not designed to, or are ill-equipped to, provide. A well-known example of adjunct processors is voice-messaging systems.
In a typical configuration, a call connected to a switching system that is determined to require the services of an adjunct processor is connected by the switching system to the adjunct processor, whereupon the adjunct processor serves the call directly. One of the features that the adjunct processor may provide is to transfer the call to another destination. An illustrative voice-messaging system providing a call-transfer feature is disclosed in European patent no. 0255325.
While beneficial in many respects, the call-transfer feature when misused may subject the adjunct processor to being used to perpetrate toll fraud. Toll fraud generally refers to a caller making unauthorized calls, typically long-distance calls, in such a manner that the caller cannot be billed for the calls. The following scenario, also diagrammed in FIG. 2, illustrates how toll fraud using an adjunct processor that provides a call-transfer feature may be penetrated.
First, a caller 10 places a call that gets connected to an adjunct processor 16, at step 20. For example, caller 10 places a call to a party who is served by a private-branch exchange (PBX) 14 and a voice-messaging system 16 and who, the caller 10 knows, is unavailable to receive the call. In response to the call going unanswered at the telephone 15 of the called party, the PBX 14 connects the call to the voice-messaging system 16, which answers the call at step 21. Upon being connected to adjunct processor 16 by the PBX 14, caller 10 requests a call transfer, at step 22, illustratively by pressing the "*" and "T" buttons on the caller's telephone 11. This activates the call-transfer feature in adjunct processor 16 and causes adjunct processor 16 to prompt caller 10 to enter a desired 5-digit extension number followed by a pound sign, at step 23. (While, in this example, a 5-digit extension number is used, extension-number length is not relevant to the portrayed scenario.) Instead of entering a valid 5-digit extension--for example, the extension of the called party's colleague or secretary--caller 10 enters a 5-digit sequence XYYYZ followed by the pound sign, at step 24, where X is a trunk access code digit, YYY is an area code that caller 10 desires to (fraudulently) reach, and Z is the first digit of a telephone number that the caller desires to reach. In other words, the dialed digit sequence is a pseudo-extension that contains the beginning digits of a long-distance telephone number. In response to receipt of the pound sign, adjunct processor 16 commences the desired transfer by simulating pressing of a transfer button on a telephone, at step 25. For example, adjunct processor 16 accomplishes the simulation by sending a digital message indicating that the transfer button was pressed, to PBX 14. PBX 14 responds by placing the call on hold and giving dial tone to adjunct processor 16, at step 26. Adjunct processor 16 responds by sending the 5-digit number that it had received from caller 10 to PBX 14, at step 27. PBX collects these digits, at step 28. Adjunct processor 16 then simulates pressing of the transfer button once more, at step 29. PBX 14 responds by commencing to analyze the collected digits, and in response to discovering that the first digit is the trunk access code X, it seizes a trunk 13 to central office 12, sends the other four collected digits out on the seized trunk 13, disconnects the call from adjunct processor 16, and connects the call to the seized trunk 13, at step 30, thereby completing the requested transfer. Central office 12 collects the digits that were sent out by PBX 14, at step 31. Caller 10 is now connected to central office 12, and caller 10 enters the remaining digits of the long-distance telephone number that he or she is trying to fraudulently reach, at step 32. Central office 12 collects the entered digits and completes the desired long-distance call, at step 33. As far as central office 12 can determine, the completed call has been placed from PBX 14, and hence the owner of PBX 14 and not caller 10 will be charged for the call. Toll fraud has thus been perpetrated.
It is clearly desirable to prevent the use of an adjunct processor to perpetrate toll fraud, and a number of ways of achieving this objective have been implemented or proposed. One way is to exchange control communications between the adjunct processor and the switching system over a separate control link, instead of across the call connection, thereby denying the caller control access to the switching system. However, interfaces to such control links exist only on some switching systems and adjunct processors. Moreover, the communications protocols of these control links are typically proprietary, preventing use of the control links to interconnect equipment made by different manufacturers. Another way to prevent toll fraud is to modify the operation of the adjunct processor to cause it to validate the extension entered by the caller, and refuse to perform the call transfer if it finds that the number entered by the caller is not a valid extension. A disadvantage of this approach is that controls on call transfer that are implemented on the adjunct processor are often too restrictive, due to the limited information that is available to the adjunct processor. For example, a voice messaging system that serves only a subset of the full set of valid extension numbers typically has no knowledge of extension numbers other than those which it serves, and hence it generally undesirably blocks transfers to extension numbers that it does not serve. Implementing an effective yet not unduly restrictive extension-validation mechanism on the adjunct processor therefore normally requires a significant redesign and expansion of the adjunct processor's operating software. Yet another way to prevent toll fraud is to cause the PBX to perform a full analysis of the entire number received from the adjunct processor in order to validate the number, and refuse to perform the call transfer if it finds that the number is not a valid extension. However, analogously to the just-mentioned adjunct-implemented approach, this approach to the problem may involve a significant redesign of the PBX operating software. This is an expensive undertaking in either case, and one that makes it difficult or even impossible to retrofit prevention of adjunct-assisted toll fraud into existing adjunct processors and switches. Therefore, a more universally-applicable, simpler, and easily-retrofitable technique of preventing adjunct-assisted toll fraud is needed.